Description:
According to a security advisory [1] from Maksymilian Arciemowicz,
a vulnerability exists in the programming language PHP [0] which
allows local users to bypass certain Apache HTTP server "httpd.conf"
options, such as "safe_mode" and "open_basedir", via the "ini_restore"
function, which resets the values to their "php.ini" (master value)
defaults. The Common Vulnerabilities and Exposures (CVE) project
assigned the id CVE-2006-4625 [2] to the problem.

According to a security advisory [3] from the Hardened-PHP project, an
integer overflow bug exists in the programming language PHP [0] which
allows remote attackers to execute arbitrary code via an argument to
the "unserialize" PHP function with a large value for the number of
array elements, which triggers the overflow in the underlying Zend
Engine "ecalloc" function. The Common Vulnerabilities and Exposures
(CVE) project assigned the id CVE-2006-4812 [4] to the problem.

According to a security advisory [5] from the Hardened-PHP project, a
race condition in the "symlink" function of the programming language
PHP [0] exists which allows local users to bypass the "open_basedir"
restriction by using a combination of "symlink", "mkdir", and "unlink"
functions to change the file path after the "open_basedir" check and
before the file is opened by the underlying system, as demonstrated
by symlinking a symlink into a subdirectory, to point to a parent
directory via ".." sequences, and then unlinking the resulting
symlink. The Common Vulnerabilities and Exposures (CVE) project
assigned the id CVE-2006-5178 [6] to the problem.
________________________________________________________________________

For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <openpkg (at) openpkg (dot) org [email concealed]>" (ID 63C4CB9F) which
you can retrieve from http://www.openpkg.org/openpkg.pgp. Follow the
instructions on http://www.openpkg.org/security/signatures/ for details
on how to verify the integrity of this advisory.
________________________________________________________________________